[81692] in North American Network Operators' Group
Re: md5 for bgp tcp sessions
daemon@ATHENA.MIT.EDU (Robert E.Seastrom)
Thu Jun 23 11:52:11 2005
To: Eric Gauthier <eric@roxanne.org>
Cc: Todd Underwood <todd@renesys.com>, nanog@merit.edu
From: Robert E.Seastrom <rs@seastrom.com>
Date: Thu, 23 Jun 2005 11:51:42 -0400
In-Reply-To: <20050623135744.GA27320@roxanne.org> (Eric Gauthier's message
of "Thu, 23 Jun 2005 09:57:44 -0400")
Errors-To: owner-nanog@merit.edu
Eric Gauthier <eric@roxanne.org> writes:
> Honestly, I completely agree with you that MD5'ing our OSPF
> adjacencies isn't a great idea (I've so far stalled its roll-out).
> I strongly argued against it internally. There were, however, those
> in both the networking and security groups that were concerned about
> the OSPF vulnerabilities that were pointed out recently and were in
> favor of the MD5s as the mitigation method.
passive-interface is your friend.
---rob
